Apple's new Lion Server reduces support for Windows clients while increasing support for iOS devices. It also moves away from graphical administration and towards command-line administration of more advanced settings.

This is indeed a problem in our network, also if we have to face the most important one: the removal of the Mac OS X Server. From 1999 (yes, with Mac OS X 10.1.x...) we have a network with a Mac OS X Server running services to a group of iMac clients.

In 2004, to supply the request of Windows applications (and the Internet Explorer de-support by Microsoft), we have implemented a solution where Mac OS X acts as a PDC for a terminal server cluster, mounting the same Windows home as the iMac.

Actually we are changing our configuration and it is not really simple. Looking to the Mac OS X de-support policy done by Apple in 2010/2011, I don't know if our future clients will be iMac or other technologies.

Does the loss of PDC in Lion Server affect your plans for Mac servers or clients? If so
.

I've been experiencing this issue, and testing it. Here's the rundown:

If you have a Lion Server, with both a local user, and an Open Directory user (aka sharing only, aka access user), create a share and set it to be shared for both Mac (AFP) and Windows (SMB), the following applies:

Macs can connect and authenticate via AFP and SMB as either user

Windows 7 can connect via SMB as the local user, but not the OD user

This is discussed in the thread on Apple's support forum. Some posters there are confusing local users with OD only users, and claim a solution, but testing shows that OD users can't authenticate from Windows 7. I suspect it has something to do with how the passwords are presented from Windows 7 and passed to the password server in Lion.

This rang a bell. In cross-platform file sharing with SMB, extended attributes are usually mapped to NTFS streams, which, as readers may remember, is something you can turn off in Lion and Snow Leopard to get SMB file sharing working. We have a report on how to turn off streams with Lion here, and with Snow Leopard here. The result is the same for both: edit the /etc/nsmb.conf file (or create one) and add the line streams=no.
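As an added example (not from the original reports or from Apple), the /etc/nsmb.conf edit described above can be made repeatable with a small shell function that handles a missing file, a missing section and an existing streams value. It assumes the setting belongs in the file's [default] section; the function name ensure_streams_off is made up for this example.

```shell
#!/bin/sh
# Added example: idempotently set streams=no in an nsmb.conf-style file.
# Assumption: the key is placed in the [default] section.
# Usage on a real client (as root): ensure_streams_off /etc/nsmb.conf

ensure_streams_off() {
    conf=$1
    # No file yet: create it with just the one setting.
    if [ ! -f "$conf" ]; then
        printf '[default]\nstreams=no\n' > "$conf"
        return 0
    fi
    tmp=$(mktemp) || return 1
    awk '
        /^[ \t]*\[/ {                            # any section header
            # Leaving [default] without having seen the key: add it here.
            if (in_default && !done) { print "streams=no"; done = 1 }
            in_default = ($0 ~ /^[ \t]*\[default\][ \t]*$/)
            print; next
        }
        in_default && /^[ \t]*streams[ \t]*=/ {  # existing value, any setting
            if (!done) { print "streams=no"; done = 1 }
            next
        }
        { print }
        END {
            if (!done) {
                if (!in_default) print "[default]"   # file had no [default]
                print "streams=no"
            }
        }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"                 # already correct, leave file untouched
        return 0
    fi
    # Keep the previous version next to the file before changing it.
    cp -p "$conf" "$conf.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf"             # rewrite in place, keeping owner and mode
    rm -f "$tmp"
}
```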

I've been running into this problem from my Windows computers (Active Directory and other) in my Lion Magic Triangle setup. I believe that the Lion server is trying to serve the Windows clients in the Bonjour realm or something; if I add a new zone in DNS for (LionServerName).local and point it to the correct Lion server IP, Windows clients are able to browse the shares whereas before the FQDN [fully qualified domain name] did not work (and still does not work). However, I was always able to browse shares via the IP of the server (and even though the FQDN resolved to the correct IP of the Lion server, I still had to use the IP).

This isn't really a solution, but it is a workaround. The Apple techs I talked to said "Wait for 10.7.2."

We would point out that this issue was not on Apple's list of fixes for Mac OS X Server 10.7.2. If you've tried Wagner's workaround
.

Although Lion Server can run both IPsec and PPTP virtual private networks (VPN), Apple removed PPTP from the graphical user interface, which is now in the Server app. PPTP is still there and can be accessed from the command line in Terminal. Apple's support document, Lion Server: Configuring and Enabling PPTP, describes how to access PPTP and configure it using text commands.

Jaap Schokkenbroek reports a problem with a network scanner after upgrading from Snow Leopard Server to Lion Server:

I've got a simple HP Officejet Pro 7780 which could scan to a network volume 'scans' on the server. After the update to Lion Server the HP isn't able to log in anymore, very annoying. I made a new user on the server, I made a new sharepoint etc etc but no go. Other Macs (10.6 though) can log in with the smb://ip-adres routine...

Gerardo Michelli in Argentina reports a problem with Lion Server and Lion clients. The Managed Preferences settings (MCX) for Safari 5 clients don't stick, though making changes on the local machine does work:

We have a Magic Triangle with Lion Server OD and AD. We have an issue with the MCX Preferences proxy settings, which apply to clients with Safari on Snow Leopard but do not apply to clients with Safari on Lion.

All other apps that require proxy (iTunes, MacAppStore, Firefox, Google Chrome) work fine, but Safari does not surf. If I insert the settings manually via System Preferences locally, it works fine.

It seems like Safari on Lion doesn't read the /Library/ManagedPreferences/%User%/apple.com.SystemConfiguration.plist file. But if we make a change in MCX Safari Settings (like HomePage) on /Library/ManagedPreferences/%User%/apple.com.safari.plist, this setting works fine.

Along with yesterday's Lion client update, Apple released Mac OS X Server 10.7.3, a significant update that not only fixes dozens of bugs, some of which we have reported, but also adds new settings, user interface items, and new administrative features. Some of these features were available in Snow Leopard Server and earlier but were stripped out of Lion Server. Apple also released Server Admin Tools 10.7.3, which includes Server Admin and Workgroup Manager.

Apple has posted a tech article describing a command-line fix for a problem with Lion Server 10.7.3 and Profile Manager. The article is entitled "Server app unable to display Profile Manager settings after updating to Lion Server v10.7.3." The fix is to edit the following configuration file: /usr/share/devicemgr/backend/app/models/interface_knob_set.rb with changes described in the article.

Last week Google said Apple's Lion Server disk encryption isn't good enough for enterprise and provided its own open source add-on. Google released Cauliflower Vest, an open source tool specifically for automating the enabling of FileVault 2 encryption in enterprise settings for Lion Server and its clients. At its open source blog, Google described why Lion Server's disk encryption is inadequate for enterprise:

While the new FileVault 2 offering is very well suited to consumers, some enterprises may require additional features that are not provided out of the box. For example, FileVault 2 encryption is initiated voluntarily by users, lacks enforcement, and, by default, escrows recovery keys to Apple's central server. It also relies on individual Apple IDs, which cannot be managed as a group.

TIP: Changing Lion Server's data storage location

Monday, March 5, 2012

When Mac OS X Server 10.7 first shipped, you could not change the location of the data store for multiple services, including email, Address Book, iCal, and the Wiki. These were stored on the boot drive or partition, which is not ideal for performance, security, or storage space if you have a large number of users.

With Mac OS X Server 10.7.2, Apple added a provision in the Server app to let you copy the data store to a new location. Here's how to access it in the Server app:

Choose the server's name under the Hardware heading in the sidebar.

Click the Settings tab.

In the Service Data line, click the Edit button.

Select the volume where you want to store the data.

A copy of the data will be placed in a Library folder on the drive or partition you select. The data on the boot partition remains but won't be updated.